Threats

A turnkey home? A turnkey website? How about turnkey phishing? Scammers now sell turnkey phishing services to other scammers. Read on to find out how it works.

Developers’ accounts are being hijacked using fake job offers sent from a legitimate GitHub address.

A new phishing technique uses progressive web apps (PWAs) to mimic browser windows with convincing web addresses to steal passwords.

Almost six out of ten passwords can be cracked in less than an hour using either a modern graphics card or cloud services. All it costs is a few dollars and some free time. How this is possible and what to do about it is the topic of our study.

Tips on how to watch the UEFA Euro 2024 tournament while keeping your money safe and your mood good.

Two-factor authentication protects your account from theft — until you yourself give away your one-time password.

A recent zero-click vulnerability in TikTok has led to high-profile accounts being taken over.

Fake tech-support has long been a trend in fraud worldwide. We explain how it works, and what you can do to protect yourself.

Scammers posing as buyers are targeting sellers on message boards. We explain the details of this scam, and offer tips for safe online trading.

dormakaba Saflok locks — used on around three million doors across 13,000 hotels — are vulnerable to an attack that involves forging electronic keycards.

Vehicle makers sell the data collected by connected cars about their users’ driving habits to data brokers – who resell it to insurance companies.

Kaspersky ICS-CERT experts have discovered several critical vulnerabilities in Telit Cinterion M2M modems, which are used in millions of devices.

What are the most common MITRE ATT&CK techniques encountered in real-world incidents — and how to neutralize them? We investigate using statistics from Incident Response and MDR services!

Can you catch malware by downloading files from Microsoft’s repositories on GitHub? Turns out, you can. Stay alert!

A credential stuffing attack is one of the most effective ways to take control of accounts. Here’s how it works and what you should do to protect your company.

Dropbox has shared a report on a data breach in the Dropbox Sign e-signature service. What does this mean for users, and what should they do?

How hackers exploit chatbot features to restore encrypted chats from OpenAI ChatGPT, Microsoft Copilot, and most other AI chatbots.

Advertising firms’ extensive collection of personal data is becoming of great use to intelligence agencies. So how to guard against mass surveillance?

Proxyware can make it difficult to detect cyberattacks on organizations — sometimes making the latter unwitting accomplices in crimes.

What influences individuals’ behaviours toward cybersecurity issues – particularly regarding connecting to a secure internet connection, handling suspicious links and files, and adopting strong passwords?

Hackers have long been engaging with the gaming world: from cracking games and creating cheats, to, more recently, attacking esports players live during an Apex Legends tournament. Regarding the latter, we break down what happened and how it could have been avoided.